DETAILED ACTION

1. The Amendment, and remarks therein, received on 8/11/2005 have been entered
and carefully considered. 

2. The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior office action. 

Response to Amendment 

3. Applicant's arguments have been carefully considered but they were not found 
persuasive. 

4. As per the Double Patenting Rejection, the examiner acknowledges applicant's 
plans to allow U.S. Patent Application No. 09/728558 to go abandoned. 

5. Although the instant application continues to retain the Double Patenting Rejection
as U.S. Patent Application No. 09/728558 remains pending, the rejection 
automatically will be invalidated upon application 09/728558 going abandoned. 

6. Applicant argues that neither Pfleeger nor Wiegel disclose or suggest "providing at 
least a portion of the access-control logic to an interconnection system in response 
to an attempted inter-node communication involving the at least one service 
component (or between service components)".

7. The examiner finds the argument not persuasive. 

8. Pfleeger teaches a screening router that can allow or restrict inter-node 
communication based on network addresses and port numbers (Pfleeger, section 
9.5 pg. 426-428). Computers operate using computer programs (known by various 
names, e.g. routines, applications, code etc.). The programs are responsible for 
providing various functionalities to other programs allowing the computer to perform
different tasks. Some of the programs may be related to programs that utilize local 
resources, others enable communication among programs located on other 
computers, e.g. programs implementing TCP/IP stack. One can think of it as 
programs providing services and in fact this nomenclature is commonly used e.g. in 
Windows operating systems. 

9. In order for the communication to take place between two computers many 
programs are implemented providing various services (e.g. handshake which 
essentially is a connection establishment, session association etc.). For more 
details the examiner points to any network communication literature and for 
illustrative purposes attaches a brief summary of OSI and TCP/IP models (Stallings, 
pg. 20-21). 

10. Firewalls (e.g. screening routers) control communication between devices as shown 
by Pfleeger in section 9.5. As a result in inter-node communication wherein a firewall 
is employed one must consider three types of players: service components that are 
located on the sender computer (inter-node) capable to initiate attempted inter-node 
communication, service components located on the receiving inter-node and 
allowing acceptance of inter-node communication traffic and an entity (firewall) 
overseeing (controlling according to set policies) the attempted communication. 

11. Similarly, Wiegel's invention is essentially an interface to a data communication
filtering mechanism (firewall) that is used by the mechanism to filter data packets
based on the assigned rules (Wiegel, col. 2 lines 36-65, col. 4 lines 24-33, col. 11
lines 30-42).

Application/Control Number: 09/941,326
Art Unit: 2134

12. Applicant argues that neither Pfleeger nor Wiegel disclose or suggest providing to 
the interconnection system, in response to an attempted inter-node communication 
between the application components, at least a portion of access-control rules that 
define allowed communication between the application components. 

13. The examiner finds the argument not persuasive and points out that earlier 
presented arguments are relevant to this argument as well. Looking at 
communication layers (e.g. TCP/IP) it is clear that applications initiate data 
connections. In addition programs (services) discussed above are application 
components.

14. Applicant argues that neither Pfleeger nor Wiegel disclose or suggest "a session
manager communicatively linked with the interconnection system, wherein the logic 
is located at least in part, in the session manager, and wherein the session manager 
provides at least a portion of the logic to the interconnection system in response to 
the attempted inter-node communication".

15. The examiner points out that Wiegel's invention deals with session operations, e.g. 
evaluates session requests (col. 17 line 58- col. 18 line 40). As a result there must 
be a session manager entity that manages operations associated with the sessions. 

16. As per the argument in regard to Pfleeger and a screening router (Remarks, pg. 17-18)
the examiner points out that a screening router is another name for a firewall and
as already discussed above the firewalls' purpose is to filter data based on
established policies.

17. As per arguments directed to Wiegel's teaching (Remarks, pg. 18) the examiner 
points out that Wiegel's invention is essentially an interface to a data communication 
filtering mechanism (firewall) that is used by the mechanism to filter data based on 
the assigned rules (Wiegel, col. 2 lines 36-65, col. 4 lines 24-33, col. 11 lines 30-42). 
As a result, Wiegel's teaching is nothing less than an access-control logic/rules and 
when implemented by a computer (e.g. on a firewall machine as suggested in 
Wiegel in col. 11 line 33) it results in the acceptance/rejection of network packets.

18. Also, although Pfleeger does not explicitly discuss firewalls implementing session 
managers, firewalls that manage sessions are old and well known in the art, for 
example "Stateful Inspection" (e.g. Freund U.S. Patent No. 5987611, col. 2 lines 15-58)
and one of ordinary skill in the art at the time of applicant's invention would have
been motivated to employ the session manager in order to inspect the data packets 
transport protocol (e.g., TCP) header (and even the application level protocols) in an 
attempt to better understand the exact nature of the data exchange. 

19. Summarizing, Pfleeger teaches a screening router implementing a company's
policies that screens communication allowing only the communication addressed to
certain addresses (Pfleeger, Screening Router, pg. 429-430. The examiner points
out that although Pfleeger discusses Screening Router firewall type, the whole
Firewall introduction pg. 426-428 is also relevant to applicant's limitations). This
reads on "providing at least a portion of the access-control logic to an
interconnection system in response to an attempted inter-node communication
involving the at least one service component (or between service components)" and
"providing to the interconnection system, in response to an attempted inter-node
communication between the application components, at least a portion of
access-control rules that define allowed communication between the application
components".

20. Similarly, Wiegel's teaching of an information communication policy for the network 
device, and generating a set of instructions based on the symbolic representation of 
the policy, wherein the set of instructions causes the network device to selectively 
pass or reject messages according to the policy (Wiegel, col. 5 lines 12-23) also 
reads on "providing at least a portion of the access-control logic to an 
interconnection system in response to an attempted inter-node communication 
involving the at least one service component (or between service components)" and 
"providing to the interconnection system, in response to an attempted inter-node 
communication between the application components, at least a portion of
access-control rules that define allowed communication between the application
components". 

21. Claims 1-21, 24, 26-28, 30-38 and 42-49 have been examined. 

22. The effective filing date for the subject matter defined in the pending claims in this 
application is 02/28/2001.

Claim Rejections - 35 USC § 102

23. Claims 1, 13 and 37 are rejected under 35 U.S.C. 102(b) as being anticipated by
Pfleeger (Charles P. Pfleeger, "Security in Computing", ISBN 0133374866, 1996). 

24. As per claims 1 and 13 Pfleeger teaches a screening router that can allow or restrict 
inter-node communication based on network addresses and port numbers (Pfleeger 
sec. 9.5 pg. 426-428). 

25. The newly introduced limitation: "providing at least a portion of the access-control
logic to the interconnection system in response to an attempted inter-node
communication involving the at least one service component" is inherent. The main
purpose of the firewalls (screening routers) is to allow or block inter-node
communication and inter-node communications inherently involve multiple service
components. As a result Pfleeger teaches a screening router implementing a
company's policies that screens communication allowing only the communication
addressed to certain addresses (Pfleeger, Screening Router, pg. 429-430. The
examiner points out that although Pfleeger discusses Screening Router firewall type,
the whole Firewall introduction pg. 426-428 is also relevant to applicant's limitations).
This reads on "providing at least a portion of the access-control logic to an
interconnection system in response to an attempted inter-node communication
involving the at least one service component (or between service components)" and
"providing to the interconnection system, in response to an attempted inter-node
communication between the application components, at least a portion of
access-control rules that define allowed communication between the application
components".

26. Claims 1-8, 12-14, 21, 24, 26, 31-32, 34, 36-38, 43 and 46-49 are rejected under 35 
U.S.C. 102(e) as being anticipated by Wiegel (U.S. Patent No. 6484261). 

27. As per claims 1, 13, 37 and 38 Wiegel teaches a method for controlling a network 
device that passes or rejects information messages, the method comprising the 
computer-implemented steps of defining a set of symbols that identify logical 
operations that can be carried out by the network device; defining an information 
communication policy for the network device by graphically interconnecting one or 
more of the symbols into a symbolic representation of the policy; and generating a 
set of instructions based on the symbolic representation of the policy, wherein the 
set of instructions causes the network device to selectively pass or reject messages 
according to the policy (Wiegel, col. 5 lines 12-23). 

28. Wiegel's invention is essentially an interface to a data communication filtering
mechanism (firewall) that is used by the mechanism to filter data packets based on
the assigned rules (Wiegel, col. 2 lines 36-65, col. 4 lines 24-33, col. 11 lines 30-42).

29. Thus, Wiegel's teaching reads on establishing access control logic restricting
inter-node communication involving the at least one service component based on the
identity of at least one of the service components, applying the access-control logic
to block an inter-node communication involving the at least one service component
and on providing to the interconnection system, in response to an attempted
inter-node communication between the application components, at least a portion of
access-control rules that define allowed communication between the application
components.

30. As per claims 2-8, 12, 14-21, 24, 26, 28, 30-32, 34, 36, 38 and 46-48 Wiegel
teaches that sites determine how security policies are applied, how networks are 
organized, and how network address translation works between two or more sites. 
How a network packet travels across two sites determines which security policies are
applied. This traversal identifies the source and destination of the packet, thus 
identifying the point of origin as one site. Security policies that are applied to a 
particular site are enforced against all network packets that originate from that site 
(col. 13 lines 14-22, col. 7 lines 45-54). Wiegel's invention utilizes applications, IP 
addresses and ports related to source and destinations (col. 7 lines 45-54) and 
applies the controls to Internet communication (col. 10 lines 44-67). The system 
comprises a firewall, a router and a switch that enforce one or more network security 
policies and a policy translation agent responsible for translating or converting 
policies as represented in knowledge base into a form that can be understood by a 
firewall, a router or a switch (Fig. 2, col. 11 lines 22-42). Wiegel's implementation is 
associated with session operations, e.g. evaluates session requests (col. 17 line 58 -
col. 18 line 40). Before policies are implemented to allow or disallow interconnection
system data flow they must be implemented on the computer that will implement the 
policies. Also, computers inherently utilize interrupt signals during computer 
operations, e.g. in order to switch from one task to another.

Claim Rejections - 35 USC § 103

31. Claims 9-11, 27, 33, 35, 42 and 44-45 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Wiegel (U.S. Patent No. 6484261) in view of Official Notice.

32. As per claim 9 Wiegel does not explicitly teach that at least two processing nodes of 
the plurality of interconnected processing nodes run different operating systems. 
Official Notice is taken that it is old and well-known practice to interconnect 
processing nodes running different operating systems. 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to interconnect processing nodes running different operating systems. 
One of ordinary skill in the art at the time of applicant's invention would have been 
motivated to utilize Wiegel's invention in the environment where interconnected 
processing nodes run different operating systems for the benefit of interoperability. 

33. Claims 10 and 44-45 are substantially equivalent to claim 9; therefore claims 10 and 
44-45 are similarly rejected. 

34. As per claims 11, 33 and 42 Wiegel does not explicitly teach that the computing
environment is a cluster-based computing environment. 

Official Notice is taken that utilizing a cluster-based computing environment is old 
and well-known practice. 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to utilize Wiegel's invention in a cluster-based computing environment. 
One of ordinary skill in the art at the time of applicant's invention would have been
motivated to employ a cluster-based computing environment to take advantage of 
communication accessibility. 

35. As per claim 35 Wiegel does not teach an attempted inter-node communication 
comprising an attempted inter-node between antagonistic service components and 
application providers competing for business. Official notice is taken that it is old 
and well-known in the art that the Internet includes nodes with antagonistic service 
components hosted by many competing application providers. Thus, it is unrealistic 
to keep all of the nodes with antagonistic services out of the Internet connection. 
Therefore it would have been obvious that antagonistic service components would
have competed. 

36. As per claim 27 Wiegel teaches that the switch utilizes a policy translation agent to 
translate or to convert policies as represented in knowledge base into a form that 
can be understood by the switch. Wiegel does not explicitly teach the switch 
translating the instructions by itself. 

Official Notice is taken that it is old and well-known practice to implement instruction 
translation on a device that implements the instruction. 

37. It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to implement instruction translation on a device that implements the 
instruction. One of ordinary skill in the art at the time of applicant's invention would 
have been motivated to employ translation of the instruction on the executing device 
in order to speed up the execution process. 

38. Wiegel also does not teach that the switch can receive command-line instructions. 
Official Notice is taken that it is old and well-known practice to provide computers
with command line instructions that are interpreted/executed by the computers. One 
of ordinary skill in the art at the time of applicant's invention would have been 
motivated to employ command-line instructions to take advantage of quick access to 
and configuration of the switch. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is (571) 272-3840.
The examiner can normally be reached Monday through Thursday from 9:00
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (571) 272-3838. The fax phone number
for the organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).